mirrors
/
sway
mirror of https://github.com/swaywm/sway.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allow also 444 for security file mode

This commit is contained in:
Jaanus Torp 2017-03-16 15:12:22 +00:00
parent 109f384771
commit 8306b886e9
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sway/config.c
View File

@ -547,8 +547,8 @@ bool load_main_config(const char *file, bool is_active) {
list_qsort(secconfigs, qstrcmp); list_qsort(secconfigs, qstrcmp);
for (int i = 0; i < secconfigs->length; ++i) { for (int i = 0; i < secconfigs->length; ++i) {
char *_path = secconfigs->items[i]; char *_path = secconfigs->items[i];
if (stat(_path, &s) || s.st_uid != 0 || s.st_gid != 0 || (s.st_mode & 0777) != 0644) { if (stat(_path, &s) || s.st_uid != 0 || s.st_gid != 0 || (((s.st_mode & 0777) != 0644) && (s.st_mode & 0777) != 0444)) {
sway_log(L_ERROR, "Refusing to load %s - it must be owned by root and mode 644", _path); sway_log(L_ERROR, "Refusing to load %s - it must be owned by root and mode 644 or 444", _path);
success = false; success = false;
} else { } else {
success = success && load_config(_path, config); success = success && load_config(_path, config);

2
sway/sway-security.7.txt
View File

@ -21,7 +21,7 @@ you must make a few changes external to sway first.
Configuration of security features is limited to files in the security directory Configuration of security features is limited to files in the security directory
(this is likely /etc/sway/security.d/*, but depends on your installation prefix). (this is likely /etc/sway/security.d/*, but depends on your installation prefix).
Files in this directory must be owned by root:root and chmod 644. The default Files in this directory must be owned by root:root and chmod 644 or 444. The default
security configuration is installed to /etc/sway/security.d/00-defaults, and security configuration is installed to /etc/sway/security.d/00-defaults, and
should not be modified - it will be updated with the latest recommended security should not be modified - it will be updated with the latest recommended security
defaults between releases. To override the defaults, you should add more files to defaults between releases. To override the defaults, you should add more files to